CVE-2026-39835
SSH Server Panic via Nil CertChecker Callbacks
Publication date: 2026-05-22
Last updated on: 2026-05-22
Assigner: Go Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| golang | go | to 0.52.0 (exc) |
| golang | golang.org | to 0.52.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SSH servers that use the CertChecker function as a public key callback. If the server does not set the IsUserAuthority or IsHostAuthority callbacks, a client presenting a certificate can cause the server to panic.
The issue arises because CertChecker previously would panic when these callbacks were nil. The fix changes CertChecker to return an error instead of panicking in such cases.
How can this vulnerability impact me? :
This vulnerability can cause an SSH server to panic and potentially crash when a client presents a certificate and the server's CertChecker callbacks are not properly set.
Such a panic could lead to denial of service, disrupting SSH access and potentially impacting availability of services relying on SSH connections.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when an SSH server uses the CertChecker function as a public key callback without setting the IsUserAuthority or IsHostAuthority fields. Detection involves verifying the SSH server configuration and code to check if CertChecker is used without these fields set.
Since the vulnerability causes the server to panic when a client presents a certificate, monitoring SSH server logs for unexpected panics or crashes during certificate authentication attempts can help detect the issue.
There are no specific commands provided in the available resources to detect this vulnerability on a network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that when using the CertChecker function as a public key callback in your SSH server, the IsUserAuthority and IsHostAuthority fields are properly set.
Alternatively, update the golang.org/x/crypto/ssh package to version 0.52.0 or later, where CertChecker has been fixed to return an error instead of panicking when these callbacks are nil.